Firewall Traversal in Mobile IPv6 Networks

Middleboxes, wie zum Beispiel Firewalls, sind ein wichtiger Aspekt für eine Großzahl moderner IP-Netzwerke. Heute IP-Netzwerke basieren überwiegend auf IPv4 Technologien, daher sind viele Firewalls und Network Address Translators (NATs) ursprünglich für diese Netzwerke entwickelt worden. Die Entwicklung von IPv6 Netzwerken findet zur Zeit statt. Da Mobile IPv6 ein relativ neuer Standard ist, unterstützen die meisten Firewalls die für IPv6 Netzwerke verfügbar sind, noch kein Mobile IPv6. Sofern Firewalls sich nicht der Details des Mobile IPv6 Protokolls bewusst sind, werden sie entweder Mobile IPv6 Kommunikation blockieren oder diesen sorgfältig handhaben. Dieses stellt einen der Haupthinderunggründe zum erfolgreichen Einsatz von Mobile IPv6 da.Diese Arbeit beschreibt die Probleme und Auswirkungen des Vorhandenseins von Middleboxes in Mobile IPv6 Umgebungen. Dazu wird zuerst erklärt welche Arten von Middleboxes es gibt, was genau eine Middlebox ist und wie eine solche Middlebox arbeiten und zweitens die Probleme identifiziert und die Auswirkungen des Vorhandenseins von Firewalls in Mobile IPv6 Umgebungen erklärt. Anschließend werden einige State-of-the-Art Middlebox Traversal Ansätze untersucht, die als mögliche Lösungen um die Mobile IPv6 Firewall Traversal Probleme zu bewältigen betrachtet werden können. Es wird detailiert erklärt wie diese Lösungen arbeiten und ihre Anwendbarkeit für Mobile IPv6 Firewall Traversal evaluiert.Als Hauptbeitrag bringt diese Arbeit zwei detailierte Lösungsansätze ein, welche das Mobile IPv6 Firewall Traversal Problem bewältigen können. Der erste Lösungsansatz, der NSIS basierte Mobile IPv6 Firewall Traversal, basiert auf dem Next Steps in Signaling (NSIS) Rahmenwerk und dem NAT/Firewall NSIS Signaling Layer Protocol (NAT/FW NSLP). Anschließend wird der zweite Lösungsansatz vorgestellt, der Mobile IPv6 Application Layer Gateway. Diese Arbeit erklärt detailiert, wie diese Lösungsansätze die Probleme und Auswirkungen des Vorhandenseins von Middleboxes in Mobile IPv6 Umgebungen bewältigen. Desweitern stellt diese Arbeit vor, wie die NSIS basierte Mobile IPv6 Firewall Traversal und die Mobile IPv6 Application Layer Gateway Proof-of-Concept Implementierungen, die im Rahmen dieser Arbeit entwicklet wurden, implementiert wurden. Abschließend werden die Proof-of-Concept Implementierungen sowie die beiden Lösungsansätze allgemein evaluiert und analysiert

Heterogeneous Access: Survey and Design Considerations

As voice, multimedia, and data services are converging to IP, there is a need for a new networking architecture to support future innovations and applications. Users are consuming Internet services from multiple devices that have multiple network interfaces such as Wi-Fi, LTE, Bluetooth, and possibly wired LAN. Such diverse network connectivity can be used to increase both reliability and performance by running applications over multiple links, sequentially for seamless user experience, or in parallel for bandwidth and performance enhancements. The existing networking stack, however, offers almost no support for intelligently exploiting such network, device, and location diversity. In this work, we survey recently proposed protocols and architectures that enable heterogeneous networking support. Upon evaluation, we abstract common design patterns and propose a unified networking architecture that makes better use of a heterogeneous dynamic environment, both in terms of networks and devices. The architecture enables mobile nodes to make intelligent decisions about how and when to use each or a combination of networks, based on access policies. With this new architecture, we envision a shift from current applications, which support a single network, location, and device at a time to applications that can support multiple networks, multiple locations, and multiple devices

IP Mobility in Wireless Operator Networks

Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of IP Mobility paradigm into the existing mobile operator network infrastructure that have not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of an operator to have their own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.Erilaiset langattomat verkkoyhteydet lisääntyvät Internet-kykyisten teknologioiden muodossa. Lukuisten eri teknologioiden päällekkäinen käyttö johtuu vähitellen ja tarpeen mukaan rakennetusta verkkoinfrastruktuurista. Useita radioteknologioita (kuten WLAN, GSM ja UMTS) sisältävien päätelaitteiden (kuten älypuhelimet ja kannettavat tietokoneet) viimeaikainen kaupallinen menestys edesauttaa uuden verkkoinfrastruktuurin rakentamista, sekä mahdollisesti johtaa verkkoteknologioiden kirjon lisääntymiseen. Olemassa olevaa verkkoinfrastruktuuria ei kaupallisista syistä kannata korvata uudella teknologialla yhdellä kertaa, vaan vaiheittainen siirtymävaihe kestää tyypillisesti useita vuosia. Internet-kykyiset päätelaitteet voivat liikkua joko saman verkkoteknologian sisällä tai eri verkkoteknologioiden välillä. Verkkoympäristöstä riippuen liikkuvat päätelaitteet voivat liittyä verkkoon useiden verkkoyhteyksien kautta. Näin ollen päätelaite voi lähettää ja vastaanottaa tietoliikennepaketteja yhtäaikaisesti lukuisia verkkoja pitkin. Tämä väitöskirja käsittelee Internet-teknologioiden liikkuvuutta ja näiden teknologioiden tuomista olemassa oleviin langattomien verkko-operaattorien verkkoinfrastruktuureihin. Käsiteltäviä verkkoinfrastruktuureita ei alun perin ole suunniteltu Internet-teknologian liikkuvuuden ja monien yhtäaikaisten yhteyksien ehdoilla. Tässä työssä ehdotetaan tulevaisuuden langattomien verkkojen arkkitehtuurimallia ja ratkaisuja verkkovierailujen toteuttamiseksi. Ehdotettu arkkitehtuuri voidaan toteuttaa ilman mittavia teknologisia mullistuksia. Mallin mukaisessa ehdotuksessa verkko-operaattorin roolit jaetaan selkeästi (i) verkko-operaattoriin, (ii) palveluoperaattoriin ja (iii) yhteys- sekä verkkovierailuoperaattoriin. Roolijako mahdollistaa sen, että kukin operaattorityyppi voi kehittyä itsenäisesti, ja että teennäiset verkkoteknologiasidonnaisuudet poistuvat palveluiden tuottamisessa. Työssä esitetään myös alustava vaatimuslista ehdotetulle mallille, esimerkiksi yhteysoperaattorien laatuvaatimukset. Väitöskirja esittelee myös liikkuvien Internet-teknologioiden viimeisimmän kehityksen. Työssä näytetään lisäksi standardointituloksia Internet-kykyisissä langattomissa arkkitehtuureissa

IPv6 and IPsec Tests of a Space-Based Asset, the Cisco Router in Low Earth Orbit (CLEO)

This report documents the design of network infrastructure to support testing and demonstrating network-centric operations and command and control of space-based assets, using IPv6 and IPsec. These tests were performed using the Cisco router in Low Earth Orbit (CLEO), an experimental payload onboard the United Kingdom--Disaster Monitoring Constellation (UK-DMC) satellite built and operated by Surrey Satellite Technology Ltd (SSTL). On Thursday, 29 March 2007, NASA Glenn Research Center, Cisco Systems and SSTL performed the first configuration and demonstration of IPsec and IPv6 onboard a satellite in low Earth orbit. IPv6 is the next generation of the Internet Protocol (IP), designed to improve on the popular IPv4 that built the Internet, while IPsec is the protocol used to secure communication across IP networks. This demonstration was made possible in part by NASA s Earth Science Technology Office (ESTO) and shows that new commercial technologies such as mobile networking, IPv6 and IPsec can be used for commercial, military and government space applications. This has direct application to NASA s Vision for Space Exploration. The success of CLEO has paved the way for new spacebased Internet technologies, such as the planned Internet Routing In Space (IRIS) payload at geostationary orbit, which will be a U.S. Department of Defense Joint Capability Technology Demonstration. This is a sanitized report for public distribution. All real addressing has been changed to psueco addressing

Estudio de la movilidad en redes de siguiente generación

El continuo avance de las redes de telecomunicaciones nos proporciona cada vez más facilidades en todos los ámbitos de nuestra vida. En este caso, nos hemos centrado en el estudio de la movilidad en Redes de Siguiente Generación. Una parte del presente proyecto se ha realizado en colaboración con Deutsche Telekom AG, durante una estancia de seis meses trabajando como colaboradora en sus laboratorios con emplazamiento en Berlín. El principal objetivo de este proyecto ha sido realizar un estudio sobre los diferentes estándares y tecnologías que facilitan la movilidad en Redes de Siguiente Generación. Por ello, en la primera parte se han estudiado los diferentes grupos de trabajo centrados en este aspecto, así como se ha recabado información sobre productos y soluciones disponibles en el mercado, para obtener una visión global de la situación actual. Como se puede comprobar más adelante, esta primera parte es la más extensa de todo el documento. Esto se debe a que es, probablemente, la parte más importante del trabajo, ya que contiene el estudio de los mecanismos que más tarde nos servirán para dar una solución teórica a los distintos escenarios que se plantean. En la segunda parte del proyecto, nos hemos centrado en desarrollar varios escenarios de interés en sistemas de Redes de Siguiente Generación y aportar, de forma posterior, posibles soluciones teóricas. Para finalizar, se han expuesto las conclusiones extraídas como resultado del trabajo y los aspectos que se podrán tratar sobre el mismo en un futuro próximo.Ingeniería de Telecomunicació

Context transfer support for mobility management in all-IP networks.

This thesis is a description of the research undertaken in the course of the PhD and evolves around a context transfer protocol which aims to complement and support mobility management in next generation mobile networks. Based on the literature review, it was identified that there is more to mobility management than handover management and the successful change of routing paths. Supportive mechanisms like fast handover, candidate access router discovery and context transfer can significantly contribute towards achieving seamless handover which is especially important in the case of real time services. The work focused on context transfer motivated by the fact that it could offer great benefits to session re-establishment during the handover operation of a mobile user and preliminary testbed observations illustrated the need for achieving this. Context transfer aims to minimize the impact of certain transport, routing, security-related services on the handover performance. When a mobile node (MN) moves to a new subnet it needs to continue such services that have already been established at the previous subnet. Examples of such services include AAA profile, IPsec state, header compression, QoS policy etc. Re-establishing these services at the new subnet will require a considerable amount of time for the protocol exchanges and as a result time- sensitive real-time traffic will suffer during this time. By transferring state to the new domain candidate services will be quickly re-established. This would also contribute to the seamless operation of application streams and could reduce susceptibility to errors. Furthermore, re-initiation to and from the mobile node will be avoided hence wireless bandwidth efficiency will be conserved. In this research an extension to mobility protocols was proposed for supporting state forwarding capabilities. The idea of forwarding states was also explored for remotely reconfiguring middleboxes to avoid any interruption of a mobile users' sessions or services. Finally a context transfer module was proposed to facilitate the integration of such a mechanism in next generation architectures. The proposals were evaluated analytically, via simulations or via testbed implementation depending on the scenario investigated. The results demonstrated that the proposed solutions can minimize the impact of security services like authentication, authorization and firewalls on a mobile user's multimedia sessions and thus improving the overall handover performance

Future Trends and Challenges for Mobile and Convergent Networks

Some traffic characteristics like real-time, location-based, and community-inspired, as well as the exponential increase on the data traffic in mobile networks, are challenging the academia and standardization communities to manage these networks in completely novel and intelligent ways, otherwise, current network infrastructures can not offer a connection service with an acceptable quality for both emergent traffic demand and application requisites. In this way, a very relevant research problem that needs to be addressed is how a heterogeneous wireless access infrastructure should be controlled to offer a network access with a proper level of quality for diverse flows ending at multi-mode devices in mobile scenarios. The current chapter reviews recent research and standardization work developed under the most used wireless access technologies and mobile access proposals. It comprehensively outlines the impact on the deployment of those technologies in future networking environments, not only on the network performance but also in how the most important requirements of several relevant players, such as, content providers, network operators, and users/terminals can be addressed. Finally, the chapter concludes referring the most notable aspects in how the environment of future networks are expected to evolve like technology convergence, service convergence, terminal convergence, market convergence, environmental awareness, energy-efficiency, self-organized and intelligent infrastructure, as well as the most important functional requisites to be addressed through that infrastructure such as flow mobility, data offloading, load balancing and vertical multihoming.Comment: In book 4G & Beyond: The Convergence of Networks, Devices and Services, Nova Science Publishers, 201

End-to-end security in embedded system for modern mobile communication technologies

Modern mobile electronic devices such as smartphones or cell phones can now be used for distant devices such as technical systems to monitor and control. While surveillance systems do not require high standards navigating about the time of transfer of the displayed data. More real-time data are needed for a remote mobile robot transfer. Therefore, it has investigated and measured not only the possibilities of employing mobile devices. But also, the supported data transmission channels, such as UMTS, GSM, Wireless LAN, and Bluetooth. The remotecontrol system is used in many applications such as smart homes, cities, smart hospitals, etc., but it must be today updated to ensure fast-changing technology. Extensive coverage, remote control, and reliable operation in realtime in the deployment of wireless security knowledge. The home automation control system delivers significant features together with a user-friendly interface. A secure remote-based end-to-end security system NTMobile, a technique that enables NAT to provide transverse and encrypted communication from end to end. This confirmed that evaluating the performance of the system in the ECHONET lite compatible smartphone ecosystem. This gives flexibility in configuring time-sensitive industrial networks and enables them to be secured. A safe and reliable remote-control system is also conceivable under the privacy of the user

A framework for secure mobility in wireless overlay networks

Various wireless networks are widely deployed world wide. Current technologies employed in these networks vary widely in terms of bandwidths, latencies, frequencies, and media access methods. Most existing wireless network technologies can be divided into two categories: those that provide a low-bandwidth service over a wide geographic area, for example UMTS, and those that provide a high bandwidth service over a narrow geographic area, for example 802.11. Although it would be desirable to provide a high- bandwidth service over a wide coverage region to mobile users all the time, no single wireless network technology simultaneously satisfies these require- ments. Wireless Overlay Networks, a hierarchical structure of wireless personal area, local area, and wide area data networks, is considered as an efficient and scalable way to solve this problem. Due to the wide deployment of UMTS and 802.11 WLAN, this study attempts to combine them to implement the concept of Wireless Overlay Net- works. Furthermore, the information transmitted over this Wireless Overlay Networks is protected in terms of authentication, integrity and confidentiality. To achieve this goal, this study aims to combine GPRS, Mobile IP and IPSec to propose a framework for secure mobility in Wireless Overlay Networks. The framework is developed in three steps: Firstly, this study addresses the problem of combining GPRS and Mo- bile IP, so that GPRS users are provided with Mobile IP service. This results in presenting a uniform Mobile IP interface to peers regardless of whether mobile users use UMTS or 802.11 WLAN. Secondly, this study discovers the existing problem when combining Mobile IP and IPSec, and proposes a Dual Home Agent Architecture to achieve secure mobility. Finally, based on the output of the previous two steps, a complete framework is proposed, which achieves secure mobility in Wireless Overlay Networks, specifically, in UMTS and 802.11 WLAN. The framework also implements seamless handover when mobile users switch between UMTS and 802.11. This results in UMTS and 802.11 WLAN looking like a single network when participating in this framework, and presents seamless and secure mobility